Authentification JWT sur le backend super-graph #8

Manually merged
tcornaut merged 12 commits from feature/super-graph-auth into develop 2020-06-22 21:28:41 +02:00
1 changed files with 84 additions and 62 deletions
Showing only changes of commit d85edd949c - Show all commits

View File

@ -1,9 +1,9 @@
app_name: "Test Development"
app_name: "Daddy Dev"
host_port: 0.0.0.0:8080
web_ui: true
# debug, error, warn, info
log_level: "info"
log_level: debug
# enable or disable http compression (uses gzip)
http_compress: true
@ -15,7 +15,7 @@ http_compress: true
production: false
# Throw a 401 on auth failure for queries that need auth
auth_fail_block: false
auth_fail_block: true
# Latency tracing for database queries and remote joins
# the resulting latency information is returned with the
@ -65,18 +65,16 @@ cors_debug: false
auth:
# Can be 'rails', 'jwt' or 'header'
type: jwt
cookie: _supergraph_session
#cookie: _supergraph_session
# Comment this out if you want to disable setting
# the user_id via a header for testing.
# Disable in production
creds_in_header: true
#creds_in_header: false
# jwt:
# provider: auth0
# secret: abc335bfcfdb04e50db5bb0a4d67ab9
# public_key_file: /secrets/public_key.pem
# public_key_type: ecdsa #rsa
jwt:
provider: hydra
jwks_url: http://hydra:4444/.well-known/jwks.json
# header:
# name: dnt
@ -87,16 +85,16 @@ auth:
# In this example actions using this auth can only be
# called from the Google Appengine Cron service that
# sets a special header to all it's requests
auths:
- name: from_taskqueue
type: header
header:
name: X-Appengine-Cron
exists: true
# auths:
# - name: from_taskqueue
# type: header
# header:
# name: X-Appengine-Cron
# exists: true
database:
type: postgres
host: db
host: localhost
port: 5432
dbname: daddy
user: daddy
@ -105,11 +103,11 @@ database:
#schema: "public"
#pool_size: 10
#max_retries: 0
#log_level: "debug"
log_level: "debug"
# Set session variable "user.id" to the user id
# Enable this if you need the user id in triggers, etc
set_user_id: false
set_user_id: true
# database ping timeout is used for db health checking
ping_timeout: 1m
@ -117,7 +115,7 @@ database:
# Define additional variables here to be used with filters
variables:
# admin_account_id: "5"
admin_account_id: "sql:select id from users where admin = true limit 1"
# admin_account_id: "sql:select id from users where admin = true limit 1"
# Field and table names that you wish to block
@ -135,67 +133,91 @@ database:
# which in this case refreshes a materialized view in the database.
# The auth_name is from one of the configured auths
actions:
- name: refresh_leaderboard_users
sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
auth_name: from_taskqueue
# - name: refresh_leaderboard_users
# sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
# auth_name: from_taskqueue
tables:
- name: customers
remotes:
- name: payments
id: stripe_id
url: http://rails_app:3000/stripe/$id
path: data
# debug: true
pass_headers:
- cookie
set_headers:
- name: Host
value: 0.0.0.0
# - name: customers
# remotes:
# - name: payments
# id: stripe_id
# url: http://rails_app:3000/stripe/$id
# path: data
# # debug: true
# pass_headers:
# - cookie
# set_headers:
# - name: Host
# value: 0.0.0.0
# - name: Authorization
# value: Bearer <stripe_api_key>
- # You can create new fields that have a
# real db table backing them
name: me
table: users
# - # You can create new fields that have a
# # real db table backing them
# name: me
# table: users
#roles_query: "SELECT * FROM users WHERE id = $user_id"
roles_query: "select * from users where users.email = $user_id"
roles:
# Rôle par défaut si l'utilisateur n'existe pas dans la table `users`
- name: anon
tables:
- name: users
query:
limit: 10
# - name: users
# insert:
# block: true
# query:
# block: true
# update:
# block: true
# delete:
# block: true
# Rôle par défaut si l'utilisateur existe dans la table `users`
# mais que la valeur de la colonne `role` n'est pas définie
- name: user
tables:
- name: users
query:
filters: ["{ id: { _eq: $user_id } }"]
- name: products
query:
limit: 50
filters: ["{ user_id: { eq: $user_id } }"]
disable_functions: false
insert:
filters: ["{ user_id: { eq: $user_id } }"]
presets:
- user_id: "$user_id"
- created_at: "now"
block: true
query:
filters: ["{ email: { _eq: $user_id } }"]
update:
filters: ["{ user_id: { eq: $user_id } }"]
presets:
- updated_at: "now"
columns:
- full_name
filters: ["{ email: { _eq: $user_id } }"]
delete:
block: true
- name: admin
match: role = 'admin'
tables:
- name: users
query:
filters: []
# - name: products
# query:
# limit: 50
# filters: ["{ user_id: { eq: $user_id } }"]
# disable_functions: false
# insert:
# filters: ["{ user_id: { eq: $user_id } }"]
# presets:
# - user_id: "$user_id"
# - created_at: "now"
# update:
# filters: ["{ user_id: { eq: $user_id } }"]
# presets:
# - updated_at: "now"
# delete:
# block: true
# - name: admin
# match: id = 1000
# tables: